news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Handala
- Israel
- Jobinfo
- Middle East
- Asia
- Business Services
- Data Encrypted For Impact
- Shelter Locations In Israel
- Cyber Fattah Team
- Saudi Games
- Retail
- Saudi Arabia
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Saban Brands Israel
- Manufacturing
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Nobitex
- Gonjeshke Darande
- Chemicals And Allied Products
- South-Eastern Asia
- Sentap
- Kimia Farma
- exclusive
- Indonesia
- Europe
- Scania
- Northern Europe
- Hensi
- Transportation
- Sweden
- Tbn Israel
- Media
- Education
- Weizmann Institute Of Science
- Resistancetrench
- Israeli Air Force
- Israel Antiquities Authority
- Dienet
- Wazuh
- Cve-2025-24016
- Mirai
- CVE-2025-24016
- United States
- North America
- Clayoxtymus1337
- Technology
- Epsilor Electric Fuel
- Advanced Weapons And Equipment India
- Southern Asia
- India
- More_Eggs
- Fin6
- Alex Lab
- Cryptocurrency
- Edf Energy
- Critical Infrastructures
- United Kingdom
- Zoldyck
- Telecommunications
- Credentials In Files
- Match Legitimate Name Or Location
- Spearphishing Link
- Amos
- Spectrum
- Sudo And Sudo Caching
- Unix Shell
- Ingress Tool Transfer
- Disable Or Modify Tools
- Israel Defense Forces
- Coca-Cola Europacific Partners
- Ghna
- Food And Kindred Products
- Automotive
- Italy
- Southern Europe
- Locauto
- Whitecoat
- Spain
- Mercadona
- Healthcare
- Wow Health Solutions
- Ups
- Rip_Real_World
- Cyprus Airways
- Netsupport Rat
- Illeak
- Tel Aviv University
- Desec0X
- Yashma
- Chaos
- Lucky_Gh0$T
- Unc6032
- Cyberlock
- Numero
- Deloitte
- 303
- Gucci
- Phishing
- Credentials From Web Browsers
- File And Directory Discovery
- Screen Capture
- Obfuscated Files Or Information
- Data From Local System
- Windows Credential Manager
- System Information Discovery
- Eddiestealer
- Input Capture
- Credentials From Password Stores
- Virtualization/Sandbox Evasion
- Drive-By Compromise
- Password Managers
- Exfiltration Over C2 Channel
- Command And Scripting Interpreter
- User Execution
- Australia And New Zealand
- W_Tchdogs
- Australia
- Superloop
- Remote System Discovery
- Smb/Windows Admin Shares
- Escape To Host
- Lateral Tool Transfer
- Web Protocols
- Exploitation For Client Execution
- External Remote Services
- Docker
- Network Service Discovery
- Exploit Public-Facing Application
- Change Default File Association
- Deploy Container
- Resource Hijacking
- Venom Rat
- Bitdefender
- Eastern Europe
- Romania
- Financial Theft
- Cameleon
- CVE-2023-20118
- Eastern Asia
- Vicioustrap
- Cve-2023-20118
- Cisco
- Macao Special Administrative Region
- Uat-6382
- Tetraloader
- Trimble
- Cve-2025-0944
- CVE-2025-0944
- Process Discovery
- Malicious File
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Silver Fox
- China
- Dynamic-Link Library Injection
- Regsvr32
- File Deletion
- Rundll32
- Scheduled Task
- Masquerade Task Or Service
- Valleyrat
- Reflective Code Loading
- Powershell
- Danabot
- Trickbot
- Qakbot
- Warmcookie
- Bumblebee
- Cetus
- Purehvnc
- Bytebreaker
- Telcel
- Latin America And The Caribbean
- Mexico
- Viralgod
- Peter Green Chilled
- Cellcom
-
Jun 10, 2025
New Clickfix Infostealer Campaign Targets macOS Users
Cybersecurity researchers have identified a new malware campaign that uses social engineering tactics to distribute an information stealer known as Atomic macOS Stealer (AMOS) targeting Apple macOS systems. The campaign employs typosquatting domains that mimic the U.S.-based telecom provider Spectrum, tricking users into executing a malicious shell script that steals system passwords and downloads the AMOS variant. The attack begins on a fake webpage that prompts users to complete a CAPTCHA verification, ultimately leading them to execute harmful commands under the guise of fixing a non-existent issue. The campaign is believed to be orchestrated by Russian-speaking cybercriminals, as indicated by the presence of Russian language comments in the malware's code.
-
May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.